Data Breaches in 2011 Dominated by Malware, Hacking

Verizon's 2012 Data Breach Investigation Report reveals that external threats were behind most of last year's data breaches, and they likely used malware or hacked their way in.

Malware and hacking were the most commonly used attack vectors in data breaches that occurred in 2011, according to a sneak peek of the 2012 Data Breach Investigations Report from Verizon.

Verizon released a preliminary version of its 2012 Data Breach Investigations Report Feb. 29. The preliminary report contains "a few snapshots" from the Verizon caseload that was analyzed for the report. The full version of the report is expected to be released in the coming weeks.

The full DBIR will include information about more than 850 data breaches in 2011, according to Verizon. However, a little over 10 percent of the incidents were actually investigated by the Verizon RISK team. Verizon complemented the information from those 90 incidents with data gathered from five law enforcement agencies it partnered with. The agencies included the U.S. Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Service, the Australian Federal Police and the London Metropolitan Police.

The past year offered plenty of mini-breaches and mega-breaches to keep infosec professionals awake at night, according to the report. Hacktivism, cyber-espionage and organized crime were among the wreaking havoc on enterprise and government systems around the world.

Retail -- which included both online and traditional brick-and-mortar merchants -- hospitality and financial sectors suffered the most incidents in 2011, Verizon said. However, information and manufacturing industries lost the largest amount of data, measured in the number of records compromised, according to the preliminary report.

Financial gain appeared to still be the main motivation for cyber-attacks, according to the preliminary report. While organized crime was responsible for a majority of the incidents, online protests, other forms of hacktivism and disgruntled ex-employees also caused significant damage, according to the Verizon RISK team.

Hacking and malware remain significant threats as these two attack methods played some role in nearly all (99 percent) the incidents, according to the current report. These two methods are popular because they allow attackers remote access, automation and an easy getaway, Verizon said. Social engineering techniques are also increasing in popularity, associated with over half of the breaches investigated, Verizon said.

The most common servers breached in 2011 were point-of-sale servers, Web and application servers, and database servers. Desktops, laptops and point-of-sale terminals made up the bulk of compromised end-user devices, Verizon said.

Payment card information, personal identifying information and authentication credentials were the most often compromised in 2011, but other types of sensitive organizational data, trade secrets and copyright information were also stolen, Verizon said.